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Abstract 

Tableaux-based decision procedures for satisfiability of modal and 
description logics behave quite well in practice, but it is sometimes 
hard to obtain exact worst-case complexity results using these ap- 
proaches, especially for ExpTiME-complete logics. In contrast, auto- 
mata-based approaches often yield algorithms for which optimal worst- 
case complexity can easily be proved. However, the algorithms ob- 
tained this way are usually not only worst-case, but also best-case 
exponential: they first construct an automaton that is always ex- 
ponential in the size of the input, and then apply the (polynomial) 
emptiness test to this large automaton. To overcome this problem, 
one must try to construct the automaton "on-the-fly" while perform- 
ing the emptiness test. 

In this paper we will show that Voronkov's inverse method for the 
modal logic K can be seen as an on-the-fly realization of the empti- 
ness test done by the automata approach for K. The benefits of this 

*A short version of this report has appeared at the First International Joint Conference 
on Automated Reasoning, IJCAR 2001. This work has been done while the authors were 
working at the Research Area for Theoretical Computer Science, RWTH Aachen, Germany. 
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result are two-fold. First, it shows that Voronkov's implementation of 
the inverse method, which behaves quite well in practice, is an opti- 
mized on-the-fly implementation of the automata-based satisfiability 
procedure for K. Second, it can be used to give a simpler proof of 
the fact that Voronkov's optimizations do not destroy completeness of 
the procedure. We will also show that the inverse method can easily 
be extended to handle global axioms, and that the correspondence to 
the automata approach still holds in this setting. In particular, the 
inverse method yields an ExpTiME-algorithm for satisfiability in K 
w.r.t. global axioms. 

1 Introduction 

Decision procedures for (propositional) modal logics and description logics 
play an important role in knowledge representation and verification. When 
developing such procedures, one is both interested in their worst-case com- 
plexity and in their behavior in practical applications. From the theoretical 
point of view, it is desirable to obtain an algorithm whose worst-case com- 
plexity matches the complexity of the problem. From the practical point of 
view it is more important to have an algorithm that is easy to implement and 
amenable to optimizations, such that it behaves well on practical instances 
of the decision problem. 

The most popular approaches for constructing decision procedures for 
modal logics are i) semantic tableaux and related methods iTOlEl; ii) trans- 
lations into classical first-order logics [121 C] ; and iii) reductions to the empti- 
ness problem for certain (tree) automata [T7| I14j. 

Whereas highly optimized tableaux and translation approaches behave 
quite well in practice ^] , it is sometimes hard to obtain exact worst- 
case complexity results using these approaches. For example, satisfiability 
in the basic modal logic K w.r.t. global axioms is known to be ExpTime- 
complete JHl- However, the "natural" tableaux algorithm for this problem 
is a NExpTlME-algorithm [2], and it is rather hard to construct a tableaux 
algorithm that runs in deterministic exponential time 0. 

In contrast, it is folklore that the automata approach yields a very simple 
proof that satisfiability in K w.r.t. global axioms is in ExpTime. However, 
the algorithm obtained this way is not only worst-case, but also best-case 
exponential: it first constructs an automaton that is always exponential in 
the size of the input formulae (its set of states is the powerset of the set 
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of subformulae of the input formulae), and then apphes the (polynomial) 
emptiness test to this large automaton. To overcome this problem, one must 
try to construct the automaton "on-the-fiy" while performing the emptiness 
test. Whereas this idea has successfully been used for automata that perform 
model checking PIEl, to the best of our knowledge it has not yet been applied 
to satisfiability checking. 

The original motivation of this work was to compare the automata and 
the tableaux approaches, with the ultimate goal of obtaining an approach 
that combines the advantages of both, without possessing any of the dis- 
advantages. As a starting point, we wanted to see whether the tableaux 
approach could be viewed as an on-the-fiy realization of the emptiness test 
done by the automata approach. At first sight, this idea was persuasive since 
a run of the automaton constructed by the automata approach (which is a 
so-called looping automaton working on infinite trees) looks very much like 
a run of the tableaux procedure, and the tableaux procedure does gener- 
ate sets of formulae on-the-fiy. However, the polynomial emptiness test for 
looping automata does not try to construct a run starting with the root of 
the tree, as done by the tableaux approach. Instead, it computes inactive 
states, i.e., states that can never occur on a successful run of the automa- 
ton, and tests whether all initial states are inactive. This computation starts 
"from the bottom" by locating obviously inactive states (i.e., states without 
successor states), and then "propagates" inactiveness along the transition 
relation. Thus, the emptiness test works in the opposite direction of the 
tableaux procedure. This observation suggested to consider an approach 
that inverts the tableaux approach: this is just the so-called inverse method. 
Recently, Voronkov has applied this method to obtain a bottom-up de- 
cision procedure for satisfiability in K, and has optimized and implemented 
this procedure. 

In this paper we will show that the inverse method for K can indeed be 
seen as an on-the-fiy realization of the emptiness test done by the automata 
approach for K. The benefits of this result are two-fold. First, it shows 
that Voronkov's implementation, which behaves quite well in practice, is 
an optimized on-the-fiy implementation of the automata-based satisfiability 
procedure for K. Second, it can be used to give a simpler proof of the fact 
that Voronkov's optimizations do not destroy completeness of the procedure. 
We will also show 

how the inverse method can be extended to handle global axioms, and 
that the correspondence to the automata approach still holds in this set- 
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ting. In particular, the inverse method yields an ExpTlME-algorithm for 
satisfiability in K w.r.t. global axioms. 

2 Preliminaries 

First, we briefly introduce the modal logic K and some technical deflnitions 
related to K-formulae, which are used later on to formulate the inverse calcu- 
lus and the automata approach for K. Then, we deflne the type of automata 
used to decide satisflability (w.r.t. global axioms) in K. These so-called loop- 
ing automata ^H] are a specialization of Biichi tree automata. 

Modal Formulae 

We assume the reader to be familiar with the basic notions of modal logic. 
For a thorough introduction to modal logics, refer to, e.g., 

K-formulae are built inductively from a countably inflnite set V = {pi,P2, ■ ■ ■} 
of propositional atoms using the Boolean connectives A, V, and -i and the 
unary modal operators □ and O. The semantics of K-formulae is deflne as 
usual, based on Kripke models = {W, R, V) where is a non-empty set, 
R G W X W is an accessibility relation, and V : V ^ 2^ is a valuation 
mapping propositional atoms to the set of worlds they hold in. The relation 
1= between models, worlds, and formulae is deflned in the usual way. Let 
G,H he K-formulae. 

Then G is satisfiable iff there exists a Kripke model Ai = {W, R, V) and 
a world w E W with A4,w \= G. The formula G is satisfiable w.r.t. the global 
axiom H iff there exists a Kripke model M. = {W, R, V) and a world w E W 
such M,w \= G and M,w' \= H for all w' G W. 

K-satisflability is PSPACE-complete jTH|, and K-satisflability w.r.t. global 
axioms is ExpTlME-complete [TB] . 

A K-formula is in negation normal form (NNF) if -i occurs only in front 
of propositional atoms. Every K-formula can be transformed (in linear time) 
into an equivalent formula in NNF using de Morgan's laws and the duality 
of the modal operators. 

For the automata and calculi considered here, sub-formulae of G play an 
important role and we will often need operations going from a formula to its 
super- or sub-formulae. As observed in |Tn], these operations become easier 
when dealing with "addresses" of sub-formulae in G 
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Figure 1: The set IIg for G = O^pi A (0^2 A ^(^^2 ^ Pi)) 

rather than with the sub-formulae themselves. 

Definition 1 (G-Paths) For a K-formula G in NNF, the set of G-paths 
11^ is a set of words over the alphabet {V/, V^, A;, A,-, □, O}. The set Uq and 
the sub-formula G\t, of G addressed by % & Uq are defined inductively as 
follows: 

• e G IIg and G\e = G 

• if 71 E Hg and 

- G\j, = Fi A F2 then vrA/, ttA^ G IIg, G\^,/^,^ = Fi, Gj^Ar = F2, and 
IT is called A-path 

- G\^ = Fi V F2 then 'K\/i,'K\/r E Ug, Gl^rv, = -^1, Gj^v, = F2, and 
71 is called V-path 

— G\t, = OF then ttD G IIg, GIt^d = F and n is called D-path 

— GItt = OF then nO G IIg, G|^o = F and tt is called O-path 

• IIg is the smallest set that satisfies the previous conditions. 

We use of A=k and V* as placeholders for Ai,Ar and V;,Vr., respectively. 
Also, we use XX and as placeholders for A, V and □, O, respectively. If tt is 
an A- or and V-path then tt is called Y^-path. If vr is a □- or a O-path then tt 
is called 0-path. 

Figure H shows an example of a K-formula G and the corresponding set 
IIg, which can be read off the edge labels. For example, A,.Ar is a G-path 
and G|a,a. = □(^P2 Vpi) 
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Looping Automata 

For a natural number n, let [n] denote the set {1, . . . , n}. An n-ary infinite 
tree over the alphabet S is a mapping t : [n]* S. An n-ary looping tree 
automaton is a tuple 21 = (Q, S, /, A), where Q is a finite set of states, S is 
a finite alphabet, / C Q is the set of initial states, and A C Q x E x is 
the transition relation. Sometimes, we will view A as a function from Q x E 
to 2*^" and write A(q', a) for the set {q | (g, cr, q) G A}. 

A run of 2t on a tree t is a n-ary infinite tree r over Q such that 

{r{p),t{p), (r(pl), . ..,r{pn))) E A 

for every p E [n]*. The automaton 21 accepts t iff there is a run r of 2t on 
t such that r(e) G /. The set i^(2t) := {t | 21 accepts t} is the language 
accepted by 21. 

Since looping tree automata are special Biichi tree automata, emptiness 
of their accepted language can effectively be tested using the well-known 
(quadratic) emptiness test for Biichi automata ^7]. However, for looping 
tree automata this algorithm can be specialized into a simpler (linear) one. 
Though this is well-known in the automata theory community, there appears 
to be no reference for the result. 

Intuitively, the algorithm works by computing inactive states. A state 
g G Q is active iff there exists a tree t and a run of 21 on t in which q occurs; 
otherwise, q is inactive. It is easy to see that a looping tree automaton accepts 
at least one tree iff it has an active initial state. How can the set of inactive 
states be computed? Obviously, a state from which no successor states are 
reachable is inactive. Moreover, a state is inactive if every transition possible 
from that state involves an inactive state. Thus, one can start with the set 

Qo:={?eg|VaGE.A(g,a) = 0} 

of obviously inactive states, and then propagate inactiveness through the 
transition relation. 

We formalize this propagation process in a way that allows for an easy 
formulation of our main results. 

A derivation of the emptiness test is a sequence Qo > Qi > ■ ■ ■ > Qk 
such that Qi Q and Qi > Qi+i iff Qi+i = QiU {q} with 

qe{q' eQ\yae E.V(gi, ...,qn)e A{q, a)3j.qj G Q^}. 
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We write Qq >* P iff there is a A; G N and a derivation Qq > . . . > Qk with 
P = Qk- The emptiness test answers "L(2l) = 0" iff there exists a set of 
states P such that Qo >* P and I ^ P. 

Note that Q > F imphes Q ^ P and that Q ^ Q' and Q > P imply 
Q' >* F. Consequently, the closure Qq of Qo under >, defined by Qq =: 
[J{P I Qo > P}, can be calculated starting with Qq, and successively adding 
states q to the current set Qi such that Qi > Qi U {q} and q ^ Qi, until 
no more states can be added. It is easy to see that this closure consists of 
the set of inactive states, and thus L{^) = iff / C Qq. As described until 
now, this algorithm runs in time polynomial in the number of states. By 
using clever data structures and a propagation algorithm similar to the one 
for satisfiability of propositional Horn formulae [7], one can in fact obtain a 
linear emptiness test for looping tree automata. 

3 Automata, Modal Formulae, and the In- 
verse Calculus 

We first describe how to decide satisfiability in K using the automata ap- 
proach and the inverse method, respectively. Then we show that both ap- 
proaches are closely connected. 

3.1 Automata and Modal Formulae 

Given a K-formula G, we define an automaton 21g such that L{QIg) = iff G is 
not satisfiable. In contrast to the "standard" automata approach, the states 
of our automaton 21^ will be subsets of Uq rather than sets of subformulae 
of G. Using paths instead of subformulae is mostly a matter of notation. 
We also require the states to satisfy additional properties (i.e., we do not 
allow for arbitrary subsets of 11^). This makes the proof of correctness of the 
automata approach only slightly more complicated, and it allows us to treat 
some important optimisations of the inverse calculus within our framework. 
The next definition introduces these properties. 

Definition 2 (Propositionally expanded, clash) Let G be a K-formula 
in NNF, Ug the set of G -paths, and $ C Uq. An A-path n E ^ is proposi- 
tionally expanded in $ iff {ttAi, irAr} C $. An M-path n E ^ is proposition- 
ally expanded in $ iff {ttV^, ttV,.} fl $ 7^ 0. 



7 



The set $ is propositionally expanded iff every M-path n G ^ is proposi- 
tionally expanded in $. We use "p.e. " as an abbreviation for "propositionally 
expanded". 

The set <!>' is an expansion of the set $ $ C $' is p.e. and $' is 
minimal w.r.t. set inclusion with these properties. 

For a set we define the set of its expansions as (($)) := {$' | $' is an expansion 
$ contains a clash iff there are two paths 7ri,7r2 G $ such that Gl^r^ = p 
and GIttj = ~'P for a propositional variable p. Otherwise, $ is called clash- 
free. 

For a set of paths "if, the set {{9)) can effectively be constructed by succes- 
sively adding paths required by the definition of p.e. A formal construction 
of the closure can be found in the proof of Lemma El Note that is p.e., 
clash-free, and ((0)) = {0}. 

Definition 3 (Formula Automaton) For a K-formula G in NNF, we fix 
an arbitrary enumeration {tti, . . . , 7r„} of the O-paths in Ug. 

The n-ary looping automaton^c is defined by^c '■= (Qd Sg, (({e})), Ag), 
where Qg '■= '■= ^ | $ is p.e.} and the transition relation Ag is 
defined as follows: 

• Ag contains only tuples of the form ($, $,...). 

• If ^ is clash-free, then we define Ag($,$) := ((^i)) x ■■■ x {{^n)), 



• // $ contains a clash, then Ag'($, $) = 0, i.e., there is no transition 



Note, that this definition implies Ag(0, 0) = {(0, . . . , 0)} and only states 
with a clash have no successor states. 

Theorem 1 For a K-formula G, G is satisfiable iff L{%g) 7^ 0- 

This theorem can be proved by showing that i) every tree accepted by 
%G induces a model of G; and ii) every model M. oi G can be turned into 
a tree accepted by 21^ by a) unraveling M. into a tree model T for G; b) 



where 




{vTiO} U {ttD I tt G $ zs a U-path } if Hi e ^ 
else 



from $. 
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labeling every world of T with a suitable p.e. set depending on the formulae 
that hold in this world; and c) padding "holes" in T with 0. 

Proof. Let {tti, . . . , 7r„} be an enumeration of the O-paths in Uq- 

For the ^/-direction let L(21g) t,r : [n]* ^ {$ C Hg | $ is p.e.} a 

tree that is accepted by 21g and a corresponding run of 21^- By construction 
of t{w) = r{w) for every w e [n]*. We construct a Kripke model M. = 
{W, R, V) from t by setting 

W = {w e[n]* \ t{w) ^ 0} 
R = {{w, wi) eW xW \ i e[n]} 

V — XP.{p e I 37r e t{w).G\T^ — P} for all propositional atoms P 
Claim. For all w eW, iin e t{w) then M, w |= 

Proof of the claim. The claim is proved by induction on the structure of K- 
formulae. Let w e be a world and tt e Uq be a path such that tt G t{w). 

• if GItt = P is a propositional atom and w e W, then w e V{P) and 
hence Al, w |= GItt- 

• if GItt = "i-P is a negated propositional atom, then, since t{w) is clash 
free, there is no tt' G such that Gj^r' = -P. Thus, w ^(-P) and 
hence Al, w ^ -iF. 

• if G|^ = F1AF2 then tt is an A-path, and since t{w) is p.e., {ttA/, vrAr} C 
t{w). By induction, |= G|^a, and hence |= G|^. 

• if GItt = F1VF2 then tt is an V-path, and since t{w) is p.e., {vrV;, TrV^jn 
t{w) ^ 0. By induction, A4,w |= GIttV; or |= Gj^Vr- and hence 
M,w 1= GItt. 

• if G|^ = OF then tt is a O-path and, w.o.l.g., assume tt = TTj. Since 
TTj e ^(^^;), tTjO G r{wi) — t{wi) holds and hence wi &W and {w,wi) e 
i?. By induction, we have that Al, |= G|^.o and hence M., w |= G|^.. 

• if G|^ = OF and (tf , w') G R then to' = for some i e [n] and t{wi) ^ 
holds and by construction of 21g, this implies ttD G r(wi) = t{wi). 
By induction, this implies A4,wi \= G|^a and since wi — w' and w' has 
been chosen arbitrarily, A4,w |= G|^. 
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This finishes the proof of the claim. Since t(e) — r(e) e (({e})) and hence 
e G t(e), Ai,e \= and G = is satisfiable. 

For the only ^/-direction, wc first show an auxiliary claim: for a set 
^ C Eg we define , |= \1' iff , w |= G\-^ for every tt G \E'. 

C/azm. If ^ C IIg and w eW such that A4, it; |= then there is a $ G ((*)) 
such that M,w \= ^. 

Proof of the claim. Let ^ C IIg; and w G such that M.,w \= We will 
show how to construct an expansion of ^ with the desired property. If ^ is 
already p.e., then ^ G ((^)) and we are done. If ^ is not p.e. then let tt G 
be a XX-path that is not p.e. in ^. 

• If TT is a A-path then G*!^ = F1AF2 and since Ai,w \= G\t^, also Al, -u; |= 
^1 = GIttAj and A^jit; |= F2 = GI^a,-- Hence M,w |= ^' U {7rA/,7rA^} 
and ^' = ^ U {nAi,nAr} is a set with M,w \= ^' that is"one step 
closer" to being p.e. than ^. 

• If TT is a V-path then = Fi V F2 and since A4,w \= also 
M,w^ Fi = G|^v, or w 1= F2 = Gl^^. Hence w ^ ^ U {ttVJ 
or Al, to 1= ^ U {ttV^} and hence can obtain a set ^' with Al, to ^ 
that is again "one step close" to being p.e. than ^. 

Restarting this process with — ^' eventually yields an expansion $ of 
the initial set \E' with Ai,w \= ^, which proves the claim. 

Let M = (W, R, V) be a model for G with w E W such that M,w \= G. 
From Ai we construct a tree that is accepted by Sic- Using this claim, 
we inductively define a tree t accepted by SIg- To this purpose, we also 
inductively define a function / : [n]* — > such that, if M., f{p) |= t{p) for 
all p. 

We start by setting /(e) = ?/; for a w G W with Ai,w \= G. and t(e) = $ 
for a $ G (({e})) such that Ai, w |= $. From the claim we have that such a 
set $ exists because M.,w \= G = G\e- 

If /(p) and t(p) are already defined, then, for i G [n], we define f{pi) and 
as follows: 

• if TTj G t{p) then M.,f{p) \= G|,rj and hence there is a to' G such 
that {f{p),w') G R and M,w' |= GItt^o- If tt G is a D-path, 
then also M.w' |= G|^n holds. Hence M,w' \= {niO} U {ttD | tt G 
t{p) is a D-path }. We set f{pi) = to' and t{pi) = $ for a $ G (({TTjOjU 
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{ttD I 71 G t{p) is a D-path })) with Ai,w' \= $, which exist by the 
claim. 

• if TTj ^ tip), then we set f{pi) = w for an arbitrary w E W and 
t{pi) = 0. 

In both cases, we have define f{pi) and t{pi) such that A4, fipi) |= It 
is easy to see that t is accepted by 21^ with the run r = t. Hence L{%q) ^ 
which is what we needed to show. ■ 

Together with the emptiness test for looping tree automata, Theorem 
yields a decision procedure for K-satisfiability. To test a K-formula G for 
unsatisfiability, construct Stc and test whether L{^g) = holds using the 
emptiness test for looping tree automata: L{^g) = iff (({e})) ^ Qq, where 
Qo ^ Qg is the set of states containing a clash. 

The following is a derivation of a superset of (({e})) from Qq for the 
example formula from Figure ^ 

Qo = {{i^5, t'e, 2^7, ^^s}, {i^5, t'e, 1^7, t'g}, • • • } > Qo U {{Z/Q, '^l, 1^2, Z^3, ^^4}} 

V ' V ' 

= ^5,^^6,^^7» = {{e})) 

3.2 The Inverse Calculus 

In the following, we introduce the inverse calculus for K. We stay close to 
the notation and terminology used in |19j . 

A sequent is a subset of 11^. Sequents will be denoted by capital greek 
letters. The union of two sequents F and A is denote by F, A. If F is a sequent 
and TT G lie then we denote F U {tt} by F, vr. 

If F is a sequent that contains only D-paths then we write FD to denote 
the sequent {ttD | tt G F}. Since states of 21g are also subsets of lie and 
hence sequents, we will later on use the same notational conventions for states 
as for sequents. 

Definition 4 (The inverse path calculus) Let G he a formula in NNF 
and Tie the set of paths of G. 

Axioms of the inverse calculus are all sequents {tti, 712} such that GIt^ = p 
and 6*1^2 = ~^P /^^ some propositional variable p. The rules of the inverse 



11 



r;,7rVi r^,7rV^ r,7rA/ T,nAr 

(V) T^-F^— (AO , (A.)- 



r^jF^jTr r,7r r,7r 

(o) — (0+)- 



r,7r r,7r 

Figure 2: Inference rules of ICg 

calculus are given in Figure{^ where all paths occurring in a sequent are G- 
paths and, for every inference, n is a O-path. We refer to this calculus 
by ICg.' 

We define Sq := {F | F is an axiom }. A derivation of ICq is a sequence 
of sets of sequents Sq\- ■ ■ ■ \- Sm where Si h iffSi+i = 5jU{F} such that 

r r 

there exists sequents Fi, . . . G 5j and -^r is an inference. 

We write Sq h* S iff there is a derivation iSq h ■ ■ ■ h Sm with S = Sm- 
The closure Sq of Sq under h is defined by Sq = [J{S \ Sq h* S}. Again, 
the closure can effectively be computed by starting with Sq and then adding 
sequents that can be obtained by an inference until no more new sequents 
can be added. 

As shown in [T^, the computation of the closure yields a decision proce- 
dure for K-satisfiability: 

Fact 1 G is unsatisfiable iff {e} G Sq . 

Figure El shows the inferences of ICg that lead to I'o = e for the example 
formula from Figure H 



3.3 Connecting the Two Approaches 

The results shown in this subsection imply that ICg can be viewed as an 
on-the-fly implementation of the emptiness for SIg- 

In addition to generating states on-the-fly, states are also represented in 
a compact manner: one sequent generated by ICg represents several states 
of SIg- 

appears in the subscript because the calculus is highly dependent of the input 
formula G: only G-paths can be generated by ICq. 



12 



(V)- 



AlO, A^A^DV^ 



A^A^D, A^A^DVi 



AiO, ArA^n, ,Ar.Ar.n 



(A,) 



A/, A^Ai, A^A, 



(A,) 



A;, A^, A^A; 
A;, A^ 



(AO 



e, Ai 



Figure 3: An example of inferences in ICg 

Definition 5 For the formula automaton SIg with states Qg o-nd a sequent 
r C IIq we define [[F]] := {$ G Qg \ F C $}, and for a set S of sequents we 
define [[Sj := Ure^iri- 

Tlie following theorem, which is one of the main contributions of this 
paper, establishes the correspondence between the emptiness test and ICg- 

Theorem 2 (ICg and the emptiness test mutually simulate each other) 

Let Qo, Sq, >, and h be defined as above. 

1. Let Q be a set of states such that Qo \^ Q- Then there exists a set of 
sequents S with So h* S and Q C [[5]] . 

2. Let S be a set of sequents such that Sq h* S. Then there exists a set of 
states Q C Qg with Qo >* Q and [{S} C Q. 

The first part of the theorem shows that ICg can simulate each compu- 
tation of the emptiness test for The set of states represented by the 
set of sequents computed by \Cg may be larger than the one computed by 
a particular derivation of the emptiness test. However, the second part of 
the theorem implies that all these states are in fact inactive since a possibly 
larger set of states can also be computed by a derivation of the emptiness 
test. 

In particular, the theorem implies that \Cg can be used to calculate a 
compact representation of Qq. This is an on-the-fly computation since 21^ 
is never constructed explicitly. 

Corollary 1 Q^ = IS^l 



Proof. If $ G Qq then there exists a set of states Q such that Qq >* Q and 
$ G Q- By Theorem 1211, there exists a set of sequents S with Sq h* S and 
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Q ^ . Hence $ G [[5q ] • For the converse direction, if $ G [[5q ] then there 
exists a set of sequents S with Sq h* S and $ G [[5]]. By Theorem |2l2, there 
exists a set of states Q with Qo >* Q and C Q and hence $ G Qo'- ■ 

The proof of the second part of Theorem |21 is the easier one. It is a 
consequence of the next three lemmata. First, observe that the two calcuh 
have the same starting points. 

Lemma 1 If Sq is the set of axioms of ICq, and Qq is the set of states of 
Sic that have no successor states, then [[iSq]] = Qq. 

Proof. The set Sq is the set of all axioms i.e., the set of all clashes. Hence 
|iSo| = {$ I $ contains a clash} = Qq. ■ 

Second, since states are assumed to be p.e., propositional inferences of 
ICg do not change the set of states represented by the sequents. 

Lemma 2 Let S \- T be a derivation of ICg that employs a Ai-, Ar-, or a 
y -inference. Then [[5] = |T]]. 

Proof. Since S <^T, [[5] C |T] holds immediately. To show |7^] C [[5], we 
distinguish the different inferences used to obtain T from S: 

r 7r/\ 

• If the employed inference is (A*) ^ — - — and T = S U {r,7r} with 

r,7r 

r,7rA, G S. Then |T1 = [[S]] U |r,7r]]. Let $ G |r,7r]]. $ is p.e. and 
hence tt G $ implies vrA^^ G $. Thus, F, ttA* C $ and $ G |F, 7rA*| C 

• F;,7rVi Fj., Vj. 

• Assume that the employed mference is (v) — and T = 

F;, Tr, 71 

S U {F,,F^,7r} with Fi,7rV; G S, F,.,V,. G S. Then [[T]] = ISj U 
|F;, Fj., vr]]. Let $ G [[F;,Fr,7r]. $ is p.e. and hence, w.o.l.g., ttV^ G $. 
Thus, Fi, ttV, C $ and $ G [F^, ttV^I C 
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Third, modal inferences of ICg can be simulated by derivations of the 
emptiness test. 

Lemma 3 LetS \- T he derivation of ICq that employs a O- or -inference. 
If Q is a set of states with [[5]] U Qo Q then there exists a set of states P 
with Q>* P and [[Tj C P. 

Proof. We only consider the O-inference, the case of a 0"*'-inference is 
analogous. If 5 h T by an application of a O-inference, then T = 5 U {F, tt} 
where F consists only of D-paths, tt is a O-path (w.o.l.g., we assume tt = 
TTj, the z-th path in the enumeration of O-paths in 11^), FDjTTjO G S and 

(O)^^HlIl^. Also, [[T]] = [[S]] U [[F,7r,l holds. 

Claim. Let $ G |F, vTj]] and R a set of states with |Fn, tTjO]] UQq <^ R. Then 
there exists a derivation R D>* R' with $ G and |Fn, {niO)} U Qo R' 

Proof of the Claim. If $ contains a clash then $ G Qo ^ and nothing has 
to be done. If $ does not contain a clash, then Ag($, $) = ((^t'i)) x ■ ■ • x {{"^n)) 
where the are defined as in Definition El and especially, since tTj G $, 

((^.)) = (({^,0} U {nn I ^ G $ is a D-path })) C [[Fn,7riO]] C R 

Since all states in {{^i)) have been marked inactive, the emptiness test can 
also mark $ inactive and derive R[> RU {$} = R', which proves the claim. 

Using this claim, we prove the lemma as follows. Let $j, . . . be an 
enumeration of |F,7rj]. The set Pq = Q satisfies the requirements of the 
claim for R. Thus, we repeatedly use the claim and chain the derivations to 
obtain a derivation Q = Pq t> Pi > . . . > P^ = P such that $i G Pi. Since 
the sets grow monotonically, in the end [[F,7r] C P holds, which implies 

an c p. 

Given these lemmata, proving Theorem |2l2 is quite simple. 

Proof of Theorem [32. The proof is by induction on the length m of the 
derivation iSq h iSi ■ ■ ■ h Sm = S of \Cg- The base case m = is Lemma [T] 
For the induction step, iSj+i is either inferred from Si using a propositional 
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inference, which is dealt with by Lemma |2l or by a modal inference, which is 
dealt with by Lemma El Lemma 121 is applicable since, for every set of states 
Q with Qo >* Q, Qo^Q- ■ 

Proving the first part of Theorem |21 is more involed because of the calcu- 
lation of the propositional expansions implicit in the definition of Stfj. 

Lemma 4 Let $ C Hq be a set of paths and S a set of sequents such that 
((^)) ^ [[i?]]. Then there exists a set of sequents T with S\-*T such that there 
exists a sequent A G T with A C $. 

Proof. If $ is p.e., then this is immediate, as in this case ((<!>)) = {$} C [[5]. 

If $ is not p.e., then let select be an arbitrary selection function, i.e., a 
function that maps every set \I' that is not p.e. to a XX-path tt G \1/ that is not 
p.e. in Let T$ be the following, inductively defined tree: 

• The root of T$ is $. 

• If a node \1/ of T<j, is not p.e., then 

— if select(\I') = tt is an A-path, then \1/ has the successor node 
\E', ttA;, vrAr and \1/ is called an A-node. 

— if select(^) = tt is an V-path, then \1/ has the successor nodes 

vrV; and ttV; and \1/ is called an V-node. 

• If a node \l/ of T$ is p.e., then it is a leaf of the tree. 

Obviously, the construction is such that the set of leaves of T$ is (($)). 

Let Ti, . . . T£ be a post-order traversal of this tree, so the sons of a node 
occur before the node itself and = $. 

Along this traversal we will construct a derivation S = Tq h* ■ ■ ■ h* 7^ = T 
such that, for every 1 < i < j < £, Tj contains a sequent Aj with Aj C Tj. 
Since the sets Tj grow monotonically, it suffices to show that, for every 1 < 
i ^ £, % contains a sequent Aj with Aj C Tj. 

Whenever Tj is a leaf of T$, then Tj G (($)) C Hence there is 

already a sequent Aj G 7^ with Aj C Tj and no derivation step is necessary. 
Particularly, in a post-order traversal, Ti is a leaf. 

We now assume that the derivation has been constructed up to Tj. 
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If Tj+1 is a leaf of T$, then nothing has to be done as there exists a 
Aj+i eTgCTi with Aj+i C T^+i 

If Tj+i is an A-node with selected A-path tt G Tj+i. Then, the successor 
of Tj_|_i in T$ is Tj+i7rA/, ttA^ and appears before Tj+i in the traversal. 
By construction there exists a sequent A G 7^ with A C Tj+i, ttA;, ttA^. 
If A n {ttA;, TrAr} = then wc arc done because then also A C Tj+i. If 
one or both of ttA/, iiAr occur in A, then 

- if A = r, ttA/ for some F with ttA^ ^ F then this implies that the 
inference 

(AO : J (1) 

can be used to derive % \- % U {F, tt} = T^+i and F, tt C Tj+i 
holds. 

- the case A = F, ttA^ for some F with ttAi ^ F if analogous. 

- if A = F, 7rA;,7rAj. for some F with {nAijirAr} n F = then the 
inferences 

F,7rA;,7rA^ 
(AO r ^ 

(Ar) TT—- 

i ,7r,7r 

can be used in the derivation % h 7^U{F, tt, TrAr} l~ ^U{F, tt, 7rAr}U 
{F, tt} = 7^+1 and by construction F, tt C Tj+i holds. 

If Tj+i is an V-node with selected V-path tt G Tj+i. Then, the suc- 
cessors of Tj+i in T$ are Tj+i, ttV/ and Tj+i, ttV^, and by construction 
there exist sequences A;, A^ G 7^ with A* C Tj+i,7rV*. 

If Try I ^ A; or vrVr ^ A^, then A; C Tj+i or A^ C Tj+i holds and hence 
already % contains a sequent A with A C Tj+i. 

If Ai = Ti, ttVi and A^ = F^, ttV^ with ttV* ^ F* then ICg can use the 
inference 

F/.TTV/ T,,TvVr 

(V) p p ^ ^ (3) 

to derive 7J h 7^ U {Fi,r,.,7r} = 7^+1. and and F/,Fr,7r C Tj+i holds 
as follows: assume there is a tt' G r;,r,.,7r with tt' ^ Tj+i. Since 
TV G Tj+1, w.o.l.g., tt' G F;. But then also F/ ^ Tj_|_i,7rV/ would hold, 
since tt' 7^ ttV; because ttV; ^ F;. 
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Proceeding in this manner, starting from Tq = S, we can construct a 
derivation that yields a set T = 7^ of states containing a sequent A such 
that A C = $. . 



Proof of Theorem 1 . We show this by induction on the number k of 
steps in the derivation Qo t> . . . t> Qk = Q. Again, Lemma [T] yields the base 
case. 

For the induction step, let Qq >...> Qi > Qi+i = Qi U {$} be a 
derivation of the emptiness test and Si a set of sequents such that S h* Si 
and Qi C Such a set exists by the induction hypothesis because the 

derivation Qo >•••!> is of length i. Now let Qi > Qi U {$} = Qi+i be 
the derivation of the emptiness test. If already $ G Qj then Qi+i C and 
we are done. 

If $ ^ Qi, then 

Qo C Qi implies that Ag($, $) ^ 0. 

Since is an active state, we know that ^ ^ Qi, and for Qi t> Qj+i to be a 
possible derivation of the emptiness test, Ag($, $) = ((^E'l)) x ■ • • x ((\I'„)) ^ 
{(0, . . . , 0)} must hold, i.e., there must be a ^'i 7^ such that ((^i)) C Q^ C 
Hence vFj e $ and "^i = {iTiO} U {ttD | tt G $ is a D-path}. 

LemmalUyields the existence of a set of sequents 7^ with Si\-*T containing 
a sequent A with A C This sequent is either of the form A = FD, TTjO or 
A = FD for some F C $. In the former case, ICg can use a O-inference 

Fn,7r,0 

(O)- 



and in the latter O^-inference 

FD 



(0+)- 



to derive 5o h* 5^ h* T h T U {F, tt,} = 5 and $ C [[F, vTi]] holds. 



4 Optimizations 

Since the inverse calculus can be seen as an on-the-fly implementation of the 
emptiness test, optimizations of the inverse calculus also yield optimizations 
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of the emptiness test. We use the connection between the two approaches to 
provide an easier proof of the fact that the optimizations of ICc introduced 
by Voronkov ^H] do not destroy completeness of the calculus. 

4.1 Unreachable states / redundant sequents 

States that cannot occur on any run starting with an initial state have no 
effect on the language accepted by the automaton. We call such states un- 
reachable. In the following, we will determine certain types of unreachable 
states. 

Definition 6 Let 7r,7ri,7r2 G IIg. 

• The modal length of n is the number of occurrences of □ and O in n. 

• 7ri,7r2 G Hg form a V-fork if tti = vrVi/T^ and = TrV^TTg for some 

• TTi, 712 o,i"G O-separated if ni = tt^Ott" and 112 = 7r207r2 such that 7r[, tx^ 
have the same modal length and n[ n^^. 

Lemma 5 Let 21^ be the formula automaton for a K-formula G in NNF 
and $ G Q. // $ contains a \/-fork, two O-separated paths, or two paths of 
different modal length, then $ is unreachable. 

The lemma shows that 

we can remove such states from Sic without changing the accepted lan- 
guage. Sequents containing a V-fork, two O-separated paths, or two paths 
of different modal length represent only unreachable states, and are thus 
redunant, i.e., inferences involving such sequents need not be considered. 

Definition 7 (Reduced automaton) Let Q be the set of states ofOlc that 
contain a V-fork, two O-separated paths, or two paths of different modal 
length. The reduced automaton 21^ = {Qq,T,g, (({e})), A^) is defined by 



Q'g-=Qg\Q and := AgH (Qg X X X •■■ X <5g)- 

Since the states in Q are unreachable, L^g) = L{^q). From now on, 
we consider 21'^ and define [[•] relative to the states on 21'^: [[F] = {$ G Qg \ 
F C $}. 
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4.2 G-orderings / redundant inferences 

In the following, the applicability of the prepositional inferences of the inverse 
calculus will be restricted to those where the affected paths are maximal 
w.r.t. a total ordering of Uq- In order to maintain completeness, one cannot 
consider arbitrary orderings in this context. 

Two paths 71"! , are brothers iff there exists a XX-path vr such that tti = 
ttXX; and tts = yrXX,. or tti = vrXX^ and tts = ttXX;. 

Definition 8 (G-ordering) Let G be a K-formula in NNF. A total ordering 
>- of Ug is called a G-ordering iff 

1. TTi :^ 7r2 whenever 

(a) the modal length o/tti is strictly greater than the modal length of 
1T2; or 

(b) 7ii,n2 have the same modal length, the last symbol of tci is XX^,, and 
the last symbol of tt2 is 0; or 

(c) TTi , have the same modal length and n2 is a prefix of tti 

2. There is no path between brothers, i.e., there exist no G-paths 111,112, 1T3 
such that TTi ;^ and tti, ir^ are brothers. 

For the example formula G of Figure ^ a G-ordering >- can be defined 
by setting uq y y ■ ■ ■ >~ ui y i/q. Voronkov [12] shows that G-orderings 
exist for every K-formula G in NNF. 

Using an arbitrary, but fixed G-ordering the applicability of the propo- 
sitional inferences is restricted as follows. 

Definition 9 (Optimized Inverse Calculus) For a sequent T and a path 
n we write it iff ir >~ n' for every tt' G F. 

r 7r/\ 

• An inference (A,) ^ — - — respects >- iff ii/\* >- F. 

i ,1V 

F;, ttV; Fj., ttVj. 

• An inference (v) respects >- iff ttV/ >- Ti and 

i i TT 

• The O- and -inferences always respect >~. 
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The optimized inverse calculus IC^ works as ICg, but for each derivation 
Sq \- ■ ■ ■ \- Sk the following restrictions must hold: 

• For every step Si h iSj+i, the employed inference respects >~, and 

• Si must not contain M-forks, O-separated paths, or paths of different 
modal length. 

To distinguish derivations of ICg and IC^, we will use the symbol l->_ in 
derivations of IC^. 

In pn]; correctness of IC^ is shown. 

Fact 2 ([19]) Let G be a K-formula in NNF and >- a G-ordering. Then G 
is unsatisfiable iff {e} G S'^ . 

Using the correspondence between the inverse method and the emptiness 
test of we will now give an alternative, and in our opinion simpler, proof 
of this fact. Since IC^ is merely a restriction of ICg, soundness (i.e., the 
if-direction of the fact) is immediate. 

Completeness requires more work. In particular, the proof of Lemma E] 
needs to be reconsidered since the propositional inferences are now restricted: 
we must show that the XX-inferences employed in that proof respect (or can 
be made to respect) y. 

To this purpose, we will follow ^H] and introduce the notion of :^-compactness. 
For )^-compact sets, we can be sure that all applicable XX-inferences respect 
>- . To ensure that all the sets T j constructed in the proof of Lemma |3] are 
:^-compact, we again follow Voronkov and employ a special selection strategy. 

Definition 10 (> — compact, select;^) Let G be a K-formula in NNF and 
>- a G-ordering. An arbitrary set $ C IIg is :^-compact iff, for every ^-path 
TT G $ that is not p.e. in $, ttXX* >~ $. 

The selection function select^ is defined as follows: if ^ is not p.e., then 
let {tti, . . . , TTm} be the set of Y^-paths that are not p.e. in $. From this 
set, select^ selects the path ni such that the paths itiy^t, are the two smallest 
elements in {tt^XX* | 1 < j < m}. 

The function select^ is well-defined because of Condition (2) of G-orderings. 
The definition of compact ensures that XX-inferences applicable to not propo- 
sitionally expanded sequents respect 
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Lemma 6 Let G be a K-formula in NNF, >- a G-ordering, and select^ the 
selection function as defined above. 

Let $ = {e} or $ = FD, tTjO with O-paths T and a O-path ir, all of equal 
modal length. //T$, as defined in the proof of Lemma^ is generated using 
select>_ as selection function, then every node ^ o/T$ is ^--compact. 

Proof. The proof is similar to the proof of Lemma 5.8.3 in [TO". It is given 
by induction on the depths of the node \l/ in the tree T$. For the root $ 
there are two possibihties. If $ = {e} and e is a XX-path, then XX; and XX^ have 
the same modal length as e and X>(=k e by Condition (Ic) of G-orderings. If 
$ = FD, TTjO and tt G $ is a XX-path, then ttXX* ^ $ holds by Condition (lb) 
of G-orderings because the last symbol of every path in $ is 0- 

For the induction step, let \l/ be a node in T<j, which we have already 
shown to be )^-compact. We show that then also its successor nodes (if any) 
are ;^-compact. 

• If \& is an A-node with selected A-path tt G then the successor node 
of is \E'' = \E',7rAi,7rAr. Let vr' G be a XX-path that is not p.e. in 

There are two possibilities: 

— vr' = ttA^,. In this case, since vrA^XX^, >- ttA^, by Condition (Ic) of 
G-orderings and ttA* )~ tt'XX* ^ ^' holds. 

— tt' 7^ ttA*. Then, tt' G \E' and tt' 7^ tt holds because vr is p.e. in 

Since \E' is :^-compact, ^'XX^= >- v for every v . It remains 
to show that tt'XX* >- 7rX>(^., which follows from the fact that vr was 
selected by select^. 

• If \E' is an V-path and the selected V-path is tt G \E', then, w.o.l.g., 
$ = ^f, ttV;. The same arguments as before apply. ■ 

Given this lemma, it is easy to show that the construction employed in 
the proof of Lemma also works for IC^, provided that we restrict the set $ 
as in Lemma El 

Lemma 7 Let $ = {e} or $ = Fn,7rjO vjith D-paths F and a O-path vr all 
of equal modal length and S a set of sequents such that (($)) C . Then 
there exists a set of sequents T with SYyT such that there exists A G T with 
A C $. 
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Proof. We use the same construction as in the proof of Lemma EJ but the 
special selection function select^ as above. From Lemma IHl we have that 
all nodes Tj in T$ are )^-compact. All we have to do is to make sure that 
the employed inferences respect >-. We refer to the inferences by number 
assigned to them in the proof of Lemma |3] 

dTJ Since Tj+i is compact and tt G Tj+i is not p.e. in Tj+i, nAi >- Tj+i 
and hence ttA; >- T because F C Tj+i. 

(121) W.l.o.g., assume nAi >- TrAr. (If this is not the case, then reverse 
the order of the two inferences.) Since Tj+i is compact, F C Tj+i and 
TT e Tj+i is not p.e., ttA/ >- F holds as well as ttA/ >- TfAr- Also ttA^ >- F 
holds, which means that both inferences respect >~. 

d^l) Since Tj+i is compact and tt G Tj+i is not p.e. we have ttV* >- Tj+i and 
since both F/ and F^ are subsets of Tj_|_i, also ttV/ >- F; and ttV^ >- F^ 
holds. ■ 

Alternative Proof of Fact [2l As mentioned before, soundness (the if- 
direction) is immediate. For the only-if-direction, if G is not satisfiable, then 
L{'^^'q) = and there is a set of states Q with Qo >* Q and (({e})) C Q. 
Using Lemma [7| we show that there is a derivation of IC^ that simulates this 
derivation, i.e., there is a set of sequents S with Sq \-yS and Q C [[5]]. 

The proof is by induction on the length m of the derivation Qq > . . . > 
Qm = Q and is totally analogous to the proof of Theorem El The base case is 
Lemma ^ which also holds for IC^ and the reduced automaton. The induc- 
tion step uses Lemma [71 instead of Lemma |31 but this is the only difference. 

Hence, Qq >* Q and (({e})) C Q implies that there exist a derivation 
Sq \-yS such that (({e})) C Lemma d yields a derivation S \-yT with 

5 Global axioms 

When considering satisfiability of G w.r.t. the global axiom H, we must take 
subformulae of G and H into account. We address subformulae using paths 
in G and H. 



23 



Definition 11 {{G, H) -Paths) For K-formulae G,H in NNF, the set of 
{G,H)-paths IIg,h is a subset 0/ {cg, e/^}-{Vi, V^, A^, A^, O}*. The set 
IIg,h and the suhformula of G,H addressed by a path tt G IIg,h 

are defined inductively as follows: 

• ec e IIg,h and {G,H)\,^ = G, and e Ugm and (G, = H 

• if-K e IiG,H and{G,H)\^ = F1AF2 thennAi,nAr G Ug,h, {G,H)\^/,^ = 
Fi, {G,H)\t,;^^ = F2, and n is called A-path. 

• The other cases are defined analogously (see also Definition^. 

• Il.G,H is the smallest set that satisfies the previous conditions. 

The definitions of p.e. and clash are extended to subsets of IIg,h in tlie 
obvious way, with the additional requirement that, for $ 7^ to be p.e., 
ejif G $ must hold. This additional requirement enforces the global axiom. 

Definition 12 (Formula Automaton with Global Axioms) For K-for- 
mulae G,H in NNF, let {tti, . . . , vr^} be an enumeration of the O-paths in 

The n-ary looping automaton 'QIg.h is defined by 

^G := iQG,H,^G,HA{{^G})),^G,H), 

where Qg,h '■= ^g,h '■= £ ^g,h I $ is p.e.} and the transition relation 
Ag^h is defined as for the automaton 21^ in Definitions^ 

Theorem Z G is satisfiable w.r.t. the global axiom H iff L{%g,h) 7^ 0- 

Proof. The proof is totally analogous to the proof of Theorem ^ We use 
the same constructions for both directions. 

Let {tti, . . . , 7r„} be an enumeration of the O-paths in I\.g,h- 
For the z/-direction let L{^g,h) t,r : [n]* ^ {$ C I[g,h \ $ is p.e.} 
a tree that is accepted by ^g,h and a corresponding run of ^g,h- By con- 
struction of ^G,H, i{w) = r{w) for every w G [n]*. We construct a Kripke 
model Ai = (W, R, V) from t by setting 

W = {we [n]* I t{w) ^ 0} 
R = {{w,wi) eW xW \ i e [n]} 

V = XP.{p eW \ 3tt e t{w).{G, H)\^ = P} for all propositional atoms P 
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Claim. For all to e VF, if tt e t{w) then M,w^ {G, H)\^. 

Proof of the claim. The claim is proved by induction on the structure of K- 
formulae. Let w E W he & world and tt G Uq be a path such that tt G 

• if (G, = P is a propositional atom and w e VF, then w e ^(-P) 
and hence M.,w \= (G, 

• if {G,H)\j^ = -iP is a negated propositional atom, then, since t{w) 
is clash free, there is no %' G IIg,h such that {G,H)\t^/ = P. Thus, 
w ^ V{P) and hence M,w -iP. 

• if {G,H)\t, = Fi A F2 then tt is an A-paths, and since t{w) is p.e., 
{7rA;,7rAr} C t{w). By induction, ^^,10 |= (G, and hence 

• if {G,H)\j^ = Fi V F2 then tt is an V-paths, and since t{w) is p.e., 
{ttVj, ttV^} nt{vj) ^ 0. By induction, M,w |= (G, if)|^Vi or 7W,-u; |= 
(G, and hence |= (G, 

• if = then tt is a O-path and, w.o.l.g., assume tt = tTj. 
Since tTj G r(w), VTiO G r(i(;z) = t(tL'i) holds and hence wi 'EW and 
{w,wi) G -R. By induction, we have that A4,wi ^ (G, if)|7rjO and 
hence M,w |= (G, 

• if {G,H)\t, = nF and {w,w') G i? then w' = wi for some i G [n] and 

7^ holds and by construction of '^g,h-i this implies ttD G r(t(;i) = 
t{wi). By induction, this implies wi |= (G, i^)|7rn and since wi — w' 
and w' has been chosen arbitrarily, M.,w \^ (G, -f/)|7r- 

This finishes the proof of the claim. Since t{e) — r(e) G (({cg})) and 
hence G A^,e |= (G, -ff)!^^ and G = (G, -ff)!^^ is satisfiable. 

Also, since t{w) is p.e., G for every w E W and, by the claim, 
M.,w \= H = (G, i^)|ejf holds for every w G M^. Hence G is satisfiable w.r.t. 
the global axiom H. 

For the only ^/-direction, we first show an auxiliary claim: for a set 
* Q n^ij we define Al, to ^ * iff Al, w ^ (G, for every tt G 

Claim. If ^ C Hqh and to G W such that M.,w |= \E', then there is a 
$ G ((*)) such that Al, ty h 
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Proof of the claim. Let * C IIg,h and w E W such that M,w \^ We will 
show how to construct an expansion of ^ with the desired property. If ^ is 
already p.e., then "if e ((^)) and we are done. 

• If ^ is not p.e. because en ^ then, because Ai,w \= H, "if' = ^U{e/f } 
is a set with A4,w \= "if that is "one step closer" to being p.e. than ^. 

• If is not p.e. and en E ^ then let tt e be a XK-path that is not p.e. 
in 

- If TT is a A-path then (G, = Fi A F2 and since A4,w |= 

{G,H)\^, also M,w 1= Fi = (G, i^)|^A, and |= F2 = 

{G,H)\^Ar- Hence \= ^U{7rAi, ttAJ and ^' = ^U{7rA/, vrA^} 

is a set with A4,w \= ^f' that is "one step closer" to being p.e. 
than "if. 

- If TT is a V-path then {G,H)\.,^ — Fi V F2 and since M,w \= 
(G, H)\^, a]soM,w ^ F^ = {G, H%y^ orM,w^F2^{G, H)\^^, 
Hence M,w |= \& U {ttV;} ot M,w \= ^ L) {ttV,.} and hence can 
obtain a set ^' with |= ^' that is again "one step close" to 
being p.e. than \E'. 

Restarting this process with \[' = \E'' eventually yields an expansion $ of 
the initial set \1' with A4,w \= ^, which proves the claim. 

Let M = {W, R, V) be a model for G with w eW such that M,w \= G. 
Prom M. we construct a tree that is accepted by ^g,h- Using this claim, 
we inductively define a tree t accepted by ^g,h- To this purpose, we also 
inductively define a function / : [n]* ^ such that, if A4, /(p) |= t{p) for 
all p. 

We start by setting f{e) — w ior a, w E W with A4,w \= G. and t(e) = $ 
for a $ e (({e})) such that M.,w \^ ^. Prom the claim we have that such a 
set $ exists because Ai, w \= G = (G, H)\^. 

If /(p) and t{p) are already defined, then, for i E [n], we define f{pi) and 
as follows: 

• if TTj G then Ai,f{p) \= {G,H)\t^- and hence there is a ti;' G H^ 
such that {f{p),w') E R and A4,w' \= {G,!!)],^.^. If tt G t{p) is a 
□-path, then also M,w' \= (G,i7) l^rn holds. Hence M,w' |= {TTjO} U 
{ttD I TT G is a D-path }. We set f{pi) — w' and t{pi) = $ for a 
$ G (({vTiO} U {ttD I TT G t(p) is a D-path })) with M,w' ^ which 
exist by the claim. 
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• if TTj ^ t{p), then we set f{pi) = w for an arbitrary w & W and t{pi) = 

In both cases, we have define f{pi) and t{pi) such that f{pi) \= t{pi). It is 
easy to see that t is accepted by ^g,h with the run r = t. Hence L(2lG,_f/) 7^ 
which is what we needed to show. ■ 



Definition 13 (The Inverse Calculus w. Global Axiom) Let G, H he 

K- formula in NNF and T{g,h th^ set of paths of G, H. Sequents are subsets 
ofYl-cH, o-nd operations on sequents are defined as before. 

In addition to the inferences from Figure the inverse calculus for G 
w.r.t. the global axiom H, IC^h> e-Tnploys the inference 

r, eH 

{ax)- 



r 

From now on, |-]] is defined w.r.t. the states of Slc/f, i-e., |r]] := {$ e 

Qg,h I r c $}. 

Theorem 4 (IC^^^ and the emptiness test for ^g,h simulate each other) 

Let \-ax denote derivation steps of ICq j^, and > derivation steps of the empti- 
ness test for ^G,H- 

1. Let Q C Qg^h be a set of states such that Qo I>* Q- Then there exists a 
set of sequents S with Sq \-ax<S and Q C [[5]] . 

2. Let S be a set of sequents such that Sq \-axS. Then there exists a set of 
states Q C Qq with Qq >* Q and [[5] C Q. 

LemmalHEJ andEl restated for ^g,h and can be shown as before. 

The following lemma deals with the ax- inference of \Cqjj. 

Lemma 8 Let S t> T be a derivation of ICqj^ that employs an ax-inference. 
Then[[Sj = in- 

■j-i 

Proof. Let T = SU {F} with {F, en} G S. Then we know that {ax)- ' 



F 

|T]] = [5]] U [[Fl. Since S CT, fSj C [[T]] holds immediately. If $ G [[F], 
then, since $ is p.e., G $ and $ G [[F, en]] C [5]. ■ 
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The proof of Theorem |3]2 is now analogous to the proof of Theorem |2l2. 

For the proof of Theorem |3Jl, Lemma 0] needs to be re-proved because 
the change in the definition of p.e. now also implies that e// G $ holds for 
every set $ G ((^E')) for any 7^ (see Lemma IHl). This is where the new 
inference ax comes into play. In all other respects, the proof of Theorem HI 1 
is analogous to the proof of Theorem |211. 

Lemma 9 Let $ C a set of paths and S a set of sequents such that 
{{^)) ^ I^J. Then there exists a set of sequents T with S \-axT such that 
there exists A G T with A C 



Proof. If G $ than we can use the same construction used in the proof 
of Lemma 0] to construct the set T such that S \-ax T and there is a A G T 
with A C $. 

li en ^ ^1 then set \I' = and again use the construction from the 

proof of Lemma E]to construct a set T such that S\-axT and there is a A G T 
with A C If ej:^ ^ A then we are done since then also A C $. If A = F, ej^ 
for some F with eu ^ F, then F C $ and T \-axT U {F} can be derived by 

r 6 

\Cq^^ using the inference {ax) . ■ 



Corollary 2 ICq ^ yields an ExpTime decision procedure for satisfiability 
w.r.t. global axioms in K. 

The following algorithm yields the desired procedure: 

Algorithm 1 Let G, H be K-formulae in NNF. To test satisfiability of G 
w.r.t. H, calculate Sq'' . If {ec}} riS^'' 7^0, then answer "not satisfiable," 
and "satisfiable" otherwise. 

Correctness of this algorithm follows from Theorem |21 and 0] If G is not 
satisfiable w.r.t. H, then L{^g,h) = 0, and there exists a set of states Q with 
Qo >* Q and (({ec})) ^ Q- Thus, there exists a set of sequents S with Sq \-ax<S 
such that Q C [[5]]. With (the appropriately reformulated) Lemma El there 
exists a set of sequents T with S such that there is a sequent A G T 
with A C {eg}- Consequently, A = or A = {ec}- 
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Since Sq there exists a set of (inactive) states Q such that Qq >* Q 

and |5o^1] C Q. Since {{{ea})) C [[{ec}! C |01, we know that {0,{eG}} n 
Sq"" 7^ imphes (({ec})) ^ Q- Consequently, L(21g,//) = and thus G is not 
satisfiable w.r.t. H. 

For the complexity, note that there are only exponentially many sequents. 
Consequently, it is easy to see that the saturation process that leads to Sq'' 
can be realized in time exponential in the size of the input formulae. 



6 Future Work 

There are several interesting directions in which to continue this work. First, 
satisfiability in K (without global axioms) is PSPACE-complete whereas the 
inverse method yields only an ExpTlME-algorithm. Can suitable optimiza- 
tions turn this into a PSPACE-procedure? Second, can the optimizations 
considered in Section HI be extended to the inverse calculus with global ax- 
ioms? Third, Voronkov considers additional optimizations. Can they also be 
handled within our framework? Finally, can the correspondence between the 
automata approach and the inverse method be used to obtain inverse calculi 
and correctness proofs for other modal or description logics? 
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